Scale Your Private Key Security with
Hardware Security Module Leaders

Scale private key security within leading
hardware security modules

As an add-on module to the Venafi Platform,
Advanced Key Protect applies policy and workflow controls and enables fast, automated
orchestration of keys. Together, these capabilities ensure the consistent use of the strongest
possible cryptographic keys.

Do you use TLS to secure communication with
business-critical systems?

Many organizations struggle with key management
issues that result in compromised private keys. You need an easy way to automate private key
life cycle management that enforces strict policy control, achieves compliance and centrally
manages keys securely, avoiding the risks associated with storing keys in files.

Strong central key generation and HSM key life
cycle management

Venafi Advanced Key Protect promotes the use of safe, cryptographic keys by orchestrating
HSM-based generation and storage of cryptographically strong keys across the enterprise.
Advanced Key Protect improves private key security in two important ways: it allows users to
generate strong keys from a central HSM and also provides flexible management of the entire
HSM key life cycle for enterprise applications.

After triggering the generation of a key pair by the HSM, Venafi
Advanced Key Protect follows one of these two approaches:

Securely maintain private keys on an HSM

Orchestrate the connection to the system that needs the certificate

Maintain the key pair securely on the HSM for key protection

Ensure that the private key never leaves the HSM

Supported by Gemalto and Thales HSMs on Apache, Windows IIS and Java

Install private keys and certificates on a managed
application

Generate all X.509 and SSH keys in a central HSM

Export the key pair from the HSM

Install the private key and certificate on the system that will use them